Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2022-24552

    A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, doesn’t check input parameters. Some of them go directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into ... Read more

    Affected Products : nas san
    • EPSS Score: %1.09
    • Published: Feb. 06, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2025-22612

    Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.374, the missing authorization allows an authenticated user to retrieve any existing private keys on a coolify instance in plai... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025
    • Vuln Type: Authorization

  • 10.0

    CRITICAL
    CVE-2024-10081

    CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the API URL ends with Authentication. This bypass allows superuser access to all API endpoints other ... Read more

    Affected Products :
    • Published: Nov. 06, 2024
    • Modified: Nov. 06, 2024

  • 10.0

    CRITICAL
    CVE-2025-26936

    Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Fresh Framework allows Code Injection. This issue affects Fresh Framework: from n/a through 1.70.0.... Read more

    Affected Products :
    • Published: Mar. 10, 2025
    • Modified: Mar. 10, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2025-30367

    WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.6 in the nextPage parameter of the /WeGIA/controle/control.php endpoint. This vulnerability allows attacker to manipulate SQL queries... Read more

    Affected Products : wegia
    • Published: Mar. 27, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2024-37902

    DeepJavaLibrary(DJL) is an Engine-Agnostic Deep Learning Framework in Java. DJL versions 0.1.0 through 0.27.0 do not prevent absolute path archived artifacts from inserting archived files directly into the system, overwriting system files. This is fixed i... Read more

    Affected Products :
    • Published: Jun. 17, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2007-0496

    PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the g_strRootDir parameter.... Read more

    Affected Products : neon_labs_website
    • EPSS Score: %1.45
    • Published: Jan. 25, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2024-4196

    An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to 11.1.3.1.... Read more

    Affected Products : ip_office
    • Published: Jun. 25, 2024
    • Modified: Jan. 21, 2025

  • 10.0

    HIGH
    CVE-2025-5600

    A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument LangType leads to stack-based b... Read more

    Affected Products : ex1200t_firmware ex1200t
    • Published: Jun. 04, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    CRITICAL
    CVE-2024-39911

    1Panel is a web-based linux server management control panel. 1Panel contains an unspecified sql injection via User-Agent handling. This issue has been addressed in version 1.10.12-lts. Users are advised to upgrade. There are no known workarounds for this ... Read more

    Affected Products : 1panel
    • Published: Jul. 18, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-25139

    In TP-Link Omada er605 1.0.1 through (v2.6) 2.2.3, a cloud-brd binary is susceptible to an integer overflow that leads to a heap-based buffer overflow. After heap shaping, an attacker can achieve code execution in the context of the cloud-brd binary that ... Read more

    Affected Products : omada_er605_firmware
    • Published: Mar. 14, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-40629

    JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the Ansible pl... Read more

    Affected Products : jumpserver
    • Published: Jul. 18, 2024
    • Modified: Mar. 25, 2025

  • 10.0

    HIGH
    CVE-2007-0863

    PHP remote file inclusion vulnerability in Trevorchan 0.7 and earlier allows remote attackers to execute arbitrary code via the tc_config[rootdir] parameter to (1) upgrade.php, (2) paint_save.php, (3) menu.php, (4) manage.php, and (5) banned.php. NOTE: h... Read more

    Affected Products : trevorchan
    • EPSS Score: %4.34
    • Published: Feb. 09, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2021-29908

    The IBM TS7700 Management Interface is vulnerable to unauthenticated access. By accessing a specially-crafted URL, an attacker may gain administrative access to the Management Interface without authentication. IBM X-Force ID: 207747.... Read more

    Affected Products : ts7700_firmware ts7700
    • EPSS Score: %0.61
    • Published: Oct. 06, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-39967

    WireMock is a tool for mocking HTTP services. When certain request URLs like “@127.0.0.1:1234" are used in WireMock Studio configuration fields, the request might be forwarded to an arbitrary service reachable from WireMock’s instance. There are 3 identif... Read more

    Affected Products : studio wiremock
    • EPSS Score: %0.60
    • Published: Sep. 06, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-9117

    An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attacker... Read more

    Affected Products : m2_firmware c1_firmware m2 c1
    • EPSS Score: %9.27
    • Published: Mar. 07, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-10487

    Buffer over read can happen while parsing SMS OTA messages at transport layer if network sends un-intended values in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voi... Read more

    • EPSS Score: %0.40
    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-9161

    WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a Remote Code Execution issue allowing remote attackers to achieve full access to the system, because shell metacharacters in the nginx_webconsole.php Cookie header can be used to ... Read more

    • EPSS Score: %3.68
    • Published: Apr. 18, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2009-2543

    Multiple unspecified vulnerabilities in the IBM Proventia engine 4.9.0.0.44 20081231, as used in IBM Proventia Network Mail Security System, Network Mail Security System Virtual Appliance, Desktop Endpoint Security, Network Multi-Function Security (MFS), ... Read more

    • EPSS Score: %0.47
    • Published: Jul. 20, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2007-1014

    Stack-based buffer overflow in VicFTPS before 5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long CWD command.... Read more

    Affected Products : vicftps
    • EPSS Score: %21.54
    • Published: Feb. 21, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 292058 Results